none
Exchange 2010 linked mailbox - Cannot login

    Pergunta

  • Scenario:
    Two way trust exist between 2 forests and is working.
    Each forest have multiple Exc 2010 SP2 servers, and multiple DC 2003/2008 servers.

    I create new linked mailbox in resource forest, link to Master account in user forest and mailbox create sucesfully.

    But logging into Outlook or OWA with user forest username, resource Exchange server log:

    The user has not been granted the requested logon type at this machine.

    Status: 0xc000015b

    Sub Status: 0x0

    sexta-feira, 15 de junho de 2012 08:53

Respostas

  • What about Network Logon, is that allowed, also, as you're checking the local Policy are you sure there's no Domain policy overriding this?

    Check a GPResults and look at the right and see who is allowed to do what.


    Sukh

    • Marcado como Resposta itec_itec sexta-feira, 15 de junho de 2012 12:44
    sexta-feira, 15 de junho de 2012 10:20

Todas as Respostas

  • sexta-feira, 15 de junho de 2012 09:38
  • Yes the process do complete succesfully.

    User account is created as disabled user in resource forest where exchange is in.
    Can create user in EMC or PS, same success result.

    But after trying to access mailbox, this error gets loggend in Exc server security eventlog

    Account Name" user resource domain\username

    The user has not been granted the requested logon type at this machine.

    Status: 0xc000015b

    Sub Status: 0x0

    sexta-feira, 15 de junho de 2012 09:54
  • And you have setup the trusts between th forests?

    Sukh

    sexta-feira, 15 de junho de 2012 09:58
  • Yes trusts are in place

    Can validate two way trust on DC's of both forests
    When creating the resource mailbox, can browse to user forest domain and select user for master account.
    GPO -> Security Settings -> Local Policies -> User rights assigments -> can edit for example Allow logon locally and select user forest domain and browse for users

    sexta-feira, 15 de junho de 2012 10:13
  • What about Network Logon, is that allowed, also, as you're checking the local Policy are you sure there's no Domain policy overriding this?

    Check a GPResults and look at the right and see who is allowed to do what.


    Sukh

    • Marcado como Resposta itec_itec sexta-feira, 15 de junho de 2012 12:44
    sexta-feira, 15 de junho de 2012 10:20
  • Thank you

    Allowed "user forest\domain users" into network login.

    Also allowed Kerberos-Sec TCP and LDAP GC between Dc's for above to work.

    Outlook and OWA now login succesfully

    sexta-feira, 15 de junho de 2012 12:49
  • hello, i have the same issue.  where do you exactly allow "user forest\domain users' into network login?

    on the CAS servers's local security policy?

    quarta-feira, 20 de junho de 2012 10:30